FTC beefing up rules for protecting kids' privacy online

Some of the changes to the FTC's online privacy rule for kids include updating the list of personal data that can't be collected without parental consent to extend to geolocation info and photos.
Written by Rachel King, Contributor

Just a little more than a week after publishing a report voicing serious concerns over mobile apps directed at children, the Federal Trade Commission is taking more decisive action.

See also: We need standard disclosure for online privacy. Here's how

The FTC announced on Wednesday that it will be updating and "strengthening" the Children’s Online Privacy Protection (COPPA) Rule.

Originally adopted in 1998, the act is intended to require website operators and online services directed towards children under 13 to "give notice to parents and get their verifiable consent before collecting, using, or disclosing such personal information, and keep secure the information they collect from children.

In last week's report, the FTC argued that parents still don't have a clear picture of what kind of data is being collected about their children when it comes to mobile apps, in particular.

The last review of this rule was in 2010, and given the proliferation of social media (just look at the Instagram firestorm this week) since then, an update now makes sense.

There are a number of more specific modifications to the COPPA Rule, which are listed in detail within the FTC's statement.

Along with clarifications to definitions as to what constitutes "personal information" or a website "operator," here are a few examples of the amendments:

  • The list of "personal information" that cannot be collected without parental notice and consent now includes geolocation information, photos, and videos.
  • The FTC is closing "a loophole," which apparently allowed apps and websites targeted towards kids to allow third-parties to collect personal info from them via plug-ins without parental notice and consent.
  • The COPPA Rule is being extended to blanket "persistent identifiers" that recognize users over time and across different websites or online services, such as IP addresses and mobile device IDs.

Furthermore, the FTC stipulated that the final amended rule "also requires operators to retain children’s personal information for only as long as is reasonably necessary, and to protect against unauthorized access or use while the information is being disposed of."

FTC chairman Jon Leibowitz asserted in prepared remarks that he is confident that these changes will "strike the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children’s online activities."

Editorial standards